--- john-1.7.6-jumbo-12/src/wordlist.c.orig 2010-06-14 17:43:48.000000000 -0500
+++ john-1.7.6-jumbo-12/src/wordlist.c 2011-02-21 15:40:29.000000000 -0600
@@ -218,6 +218,8 @@
 /* If the file is < max_wordfile_memory, then we work from a memory map of the file */
 if (file_len < db->options->max_wordfile_memory) {
+ char *aep;
+ /* probably should only be debug message, but I left it in */
 log_event("loading wordfile %s into memory (%lu bytes, max_size=%u)\n", name, file_len, db->options->max_wordfile_memory);
 /* XXX: would need to alloc more for dummy_rules_apply()'s "blind truncation" */
@@ -228,16 +230,17 @@
 fprintf(stderr, "fread: Unexpected EOF\n");
 error();
 }
- word_file_str[file_len] = 0;
+ aep = word_file_str + file_len;
+ *aep = 0;
 csearch = '\n';
- cp = strchr(word_file_str, csearch);
+ cp = memchr(word_file_str, csearch, file_len);
 if (!cp) {
 csearch = '\r';
- cp = strchr(word_file_str, csearch);
+ cp = memchr(word_file_str, csearch, file_len);
 }
 for (nWordFileLines = 1; cp; ++nWordFileLines)
- cp = strchr(&cp[1], csearch);
+ cp = memchr(&cp[1], csearch, file_len - (cp - word_file_str) - 1);
 words = mem_alloc(nWordFileLines * sizeof(char*));
 log_event("wordfile had %u lines and required %lu bytes for index.\n", nWordFileLines, (unsigned long)(nWordFileLines * sizeof(char*)));
@@ -246,18 +249,18 @@
 do {
 char *ep = cp, ec;
- while (*ep && *ep != '\n' && *ep != '\r') ep++;
+ while ((ep < aep) && *ep && *ep != '\n' && *ep != '\r') ep++;
 ec = *ep;
 *ep = 0;
 if (ep - cp >= LINE_BUFFER_SIZE) cp[LINE_BUFFER_SIZE-1] = 0;
 if (strncmp(cp, "#!comment", 9)) words[i++] = cp;
- if (!ec || i == nWordFileLines)
+ if (i == nWordFileLines)
 break;
 cp = ep + 1;
 if (ec == '\r' && *cp == '\n') cp++;
- } while (*cp);
+ } while (cp < aep);
 nWordFileLines = i;
 nCurLine=0;
 }
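Review bot: The index size computed in the second hunk counts only occurrences of `csearch`, but the rewritten read loop in the third hunk now also ends a line at an embedded NUL (the `*ep` test, with `cp < aep` letting the loop continue past it) and at the other terminator character, so it can produce more segments than `nWordFileLines` slots. The `i == nWordFileLines` break keeps `words[]` in bounds, but once the index is full the rest of the buffer is discarded with no indication, so a wordlist containing stray NUL bytes or mixed CR/LF terminators silently loses candidates. Either count NUL bytes in the same pass as the terminator, or at least report the condition at the break, roughly `if (i == nWordFileLines) { if (ep + 1 < aep) log_event("wordfile: data after indexed line %u ignored\n", i); break; }` (allowing for a trailing CR/LF pair). A comment on the `while ((ep < aep) && *ep && ...)` line stating that a NUL now terminates a line rather than the whole buffer would document the behaviour this change introduces. The enclosing function starts before the first hunk and ends after the last one.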